Editing the cipher under "/var/netwitness/config-management/cookbooks/nw-nginx/templates/default/nw-ui.conf.erb" should retain the changes when user performs above operations.These changes will still revert when user does upgrade or update.

Core services:

It is configured at Admin-Services-'The service which uses the ssl port'-Explore, /sys/config/ssl.cipher.list Default value is '-ALL:!aNULL:HIGH' or '-ALL:!aNULL:!DES:!3DES:HIGH'.For example, to disable DES and 3DES ciphers add '!DES:!3DES' to the field.

Default encryption cipher

When a client asks a server, server will select cipher suites from the list which is provided from the client.And you can check the ordered default cipher preference list by following the command line.

# openssl ciphers -v 'DEFAULT'

How does VLC secure the logs and forward out in detail?

Same with log collector. encrypted SSL port 56001Between LC and each event source, each protocol has own encryption method. Refer to the 'Log Collector Service' in the Network EncryptionNetWitness Network Encryption: https://community.rsa.com/docs/DOC-105911

Note: About any encryption on log files stored on the local disk, there is no filesystem level encryption, only transport level encryption.